package servlet.events;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import bundle.ErrorsBundleKey.ChangePwdErrorBundleKey; //ChangePwd errors bundle

import dao.DAOFactory;
import model.User;
import util.SimpleMD5;

public class ChangePwdHandler extends EventHandler {

	@Override
	public void execute(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		
		try {
			if (validateForm(request) && verifyPassword(request)) {	
				
				User user = getUser(request);
				
				if (DAOFactory.getUserDAO().update(user)) { //if ok
					HttpSession session = (HttpSession) request.getSession();
					request.setAttribute("status", "ok");
					session.setAttribute("user", user);					
				}
				else
					request.setAttribute("status", "error");
			}
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		}

	    forward(urlBundle.getString("CHANGEPWD_URL"), request, response);	
	}	
	
	
	
	private User getUser(HttpServletRequest request) 
		throws NoSuchAlgorithmException, UnsupportedEncodingException {
		
		HttpSession session = (HttpSession) request.getSession();
		
		//get user info from EITHER session 'user'  or database (with UserDAO's findById())
		//using 'copy constructor'
		User user = new User((User) session.getAttribute("user")); //from session
		
		//field that are able to be changed
		user.setPassword(SimpleMD5.encrypt(request.getParameter(USER_NEW_PASSWORD)));

		return user;
	}	
	
	private boolean verifyPassword(HttpServletRequest request) 
		throws NoSuchAlgorithmException, UnsupportedEncodingException {
		
		HttpSession session = (HttpSession) request.getSession();
		
		//get user info from EITHER session 'user'  or database (with UserDAO's findById())
		User user = new User((User) session.getAttribute("user")); //from session
		
		String old_password = SimpleMD5.encrypt(request.getParameter(USER_OLD_PASSWORD));
		if(!user.getPassword().equals(old_password)) {
			//request.setAttribute("OLD_PASSWORD_ERROR", ResourceBundle.getBundle("Errors").getString("OLD_PASSWORD_ERROR"));
			setErrors(ChangePwdErrorBundleKey.OLD_PASSWORD_ERROR, request);
			return false;
		}
		return true;
	}
	
	private boolean validateForm(HttpServletRequest request) {
		int i = 0;
		//ResourceBundle bundle = ResourceBundle.getBundle("Errors");
		
		//USER_OLD_PASSWORD
		if(request.getParameter(USER_OLD_PASSWORD) == null 
				|| request.getParameter(USER_OLD_PASSWORD).equals("")) 
		{
			//request.setAttribute("OLD_PASSWORD_NOT_NULL", bundle.getString("OLD_PASSWORD_NOT_NULL"));
			setErrors(ChangePwdErrorBundleKey.OLD_PASSWORD_NOT_NULL, request);
			i++;
		}
		
		//USER_NEW_PASSWORD
		if(request.getParameter(USER_NEW_PASSWORD) == null 
				|| request.getParameter(USER_NEW_PASSWORD).equals("")) 
		{
			//request.setAttribute("NEW_PASSWORD_NOT_NULL", bundle.getString("NEW_PASSWORD_NOT_NULL"));
			setErrors(ChangePwdErrorBundleKey.NEW_PASSWORD_NOT_NULL, request);
			i++;
		}
		
		//USER_NEW_PASSWORD_CONFIRM
		if(request.getParameter(USER_NEW_PASSWORD_CONFIRM) == null 
				|| request.getParameter(USER_NEW_PASSWORD_CONFIRM).equals("")) 
		{
			//request.setAttribute("CONFIRM_NEW_PASSWORD_NOT_NULL", bundle.getString("CONFIRM_NEW_PASSWORD_NOT_NULL"));
			setErrors(ChangePwdErrorBundleKey.CONFIRM_NEW_PASSWORD_NOT_NULL, request);
			i++;
		}
		else if((!request.getParameter(USER_NEW_PASSWORD).equals(request.getParameter(USER_NEW_PASSWORD_CONFIRM))))
		{
			//request.setAttribute("COMPARE_NEW_AND_CONFIRM_PASSWORD", bundle.getString("COMPARE_NEW_AND_CONFIRM_PASSWORD"));
			setErrors(ChangePwdErrorBundleKey.COMPARE_NEW_AND_CONFIRM_PASSWORD, request);
			i++;
		}
		
		if (i != 0)
			return false;
		
		return true;
	}
		
	private static final String USER_OLD_PASSWORD = "old_password";
	private static final String USER_NEW_PASSWORD = "new_password";
	private static final String USER_NEW_PASSWORD_CONFIRM = "new_password_confirm";
}
